Message-ID: <38D02F79.2B7DDEE4@miltonstreet.com>
From: Sam Carleton
To: FreeBSD Questions
Subject: Re: HELP!!! using RSA w/o passwords?
Date: Wed, 15 Mar 2000 19:51:03 -0500

rsowders@usgs.gov wrote:

> Make sure your /usr/local/etc/sshd_config has "RSAAuthentication yes" and
> your ssh_config has "RSAAuthentication yes".
> Now run ssh-keygen, but when it asks you for a pass phrase do not put
> anything in, just hit the enter key.

When I run ssh-keygen, am I recreating the key for the user (~/.ssh2) or the system (/etc/ssh2/)?

> Transfer the identity.pub from each machine into the other machine's
> authorized_keys file.

I am still not 100% about this part. Again, is this for the user or the system? How exactly do I transfer the identity.pub into the authorized_keys file? Does authorized_keys have the path/filename of the identity.pub, or do I do something like this: cat identity.pub >> authorized_keys?

> Now passwords are not used at all and it relies on the identity.pub file
> and the authorized_keys file and the pass-phrase (of which there is none).
> Everything else being satisfied, it will let you in if you have the correct
> keys (identity.pub).
>
> Warning: this is not very secure, in that if one machine/account is
> compromised every machine that allows RSA login from the compromised
> machine/account is also compromised. If you are willing to tolerate this,
> then the preceding explanation is for you.

I only want this setup for users, not the whole system. My final objective is to set up a ??ppnp?? within ssh to create a VPN between two locations. Any thoughts on the most secure way of doing this?

Sam
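
The key-transfer step discussed in this message, as an added example that is not part of the original thread or of any SSH distribution. It assumes the OpenSSH-style layout in which authorized_keys holds one public key per line inside the user's own SSH directory; the function name `install_pubkey` is hypothetical. It appends the key once, fixes permissions, and can prefix per-key options to limit what a passphrase-less key is allowed to do.

```shell
#!/bin/sh
# Added example. Usage: install_pubkey PUBKEY_FILE SSH_DIR [KEY_OPTIONS]
#   PUBKEY_FILE  identity.pub copied over from the other machine
#   SSH_DIR      the receiving user's SSH directory (per-user, not system-wide)
#   KEY_OPTIONS  optional authorized_keys options, e.g. 'from="10.0.0.5",no-pty'
# The body runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    pub=$1; dir=$2; opts=${3:-}

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Never install the private half (identity) by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2; return 1
    fi
    # A public key file is exactly one non-empty line.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one key" >&2; return 1; }
    key=$(grep . "$pub")

    # sshd ignores keys in group/world-writable locations; create them private.
    umask 077
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    auth=$dir/authorized_keys
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key is already listed (with or without options).
    if grep -qF -- "$key" "$auth"; then return 0; fi

    # If the existing file lacks a trailing newline, add one so keys do not merge.
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"

    # Options, when given, go in front of the key on the same line.
    printf '%s\n' "${opts:+$opts }$key" >> "$auth"
)
```

Restricting the key with `from=` and `no-pty` narrows the exposure described in the quoted warning: a stolen passphrase-less key is then only accepted from the listed host and cannot open an interactive terminal.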